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1 . A method for digital content access control, comprising: 
determining digital content to be made accessible via a rights locker; 
determining enrollment authentication data; 

sending a rights locker enrollment request to a rights locker provider, said rights 
locker enrollment request comprising a digital content request and said 
enrollment authentication data; 

receiving one or more authenticated rights locker access requests in response to said 
sending, said one or more authenticated rights locker access requests for 
subsequent use in accessing digital content associated with said rights locker; 

receiving an indication of a selection of one of said one or more authenticated rights 
locker access requests; 

sending said authenticated rights locker access request to a rights locker provider; 
and 

receiving a result in response to said sending said authenticated rights locker access 
request. 

2. The method of claim 1 wherein said digital content request comprises a request for 
initializing said rights locker with rights to specified digital content. 

3. The method of claim 1 wherein said enrollment authentication data comprises: 
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rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 

has to digital content associated with said rights locker. 

4. The method of claim 3 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 

5. The method of claim 3 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

6. The method of claim 1 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

7. The method of claim 1, further comprising storing at least part of said one or more 
authenticated rights locker access requests in a bookmark on a user device. 

8. The method of claim 1 wherein said one or more authenticated rights locker access 
requests are embedded in a Web cookie. 
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9. The method of claim 1 wherein said one or more authenticated rights locker access 
requests are encapsulated in an HTTP Response message. 



10. A method for digital content access control, comprising: 

receiving a rights locker enrollment request from a user device associated with a 
user, said rights locker enrollment request comprising a digital content request 
and enrollment authentication data; 
determining whether said user is authorized, said determining comprising 

determining the rights of said user to access said rights locker and the rights of 
said user to digital content specified by said digital content request; 
if said user is authorized, 

initializing said rights locker with rights to said digital content; 

obtaining one or more tokens that authenticate future access to a rights locker 

corresponding to said digital content; 
creating one or more authenticated rights locker access requests based at least in 

part on said one or more tokens; 
sending said one or more authenticated rights locker access requests; 
receiving an indication of a user selection of one of said one or more 

authenticated rights locker access requests; and 
accessing the contents of said rights locker according to a type of said rights 
token. 
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The method of claim 10 wherein said digital content request comprises a request for 
initializing said rights locker with rights to specified digital content. 



12. The method of claim 10 wherein said enrollment authentication data comprises: 
rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 
has to digital content associated with said rights locker. 

13. The method of claim 12 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 

14. The method of claim 12 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

15. The method of claim 10 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

16. The method of claim 10 wherein said determining comprises determining whether 
said user is entitled to become an enrolled user based at least in part on whether 
payment for use of the rights locker service succeeds. 
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17. The method of claim 10 wherein said determining comprises determining whether an 
enrolled user is entitled to populate said rights locker with rights to said digital 
content based at least in part on whether payment for said rights succeeds. 

18. The method of claim 10 wherein at least part of said one or more authenticated rights 
locker access requests are for storage in a bookmark on a user device. 

19. The method of claim 10, further comprising embedding said one or more 
authenticated rights locker access requests in a Web cookie before said sending. 

20. The method of claim 10, further comprising encapsulating said one or more 
authenticated rights locker access requests in an HTTP Response message before 
said sending. 

21. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method for digital content 
access control, the method comprising: 

determining digital content to be made accessible via a rights locker; 
determining enrollment authentication data; 

sending a rights locker enrollment request to a rights locker provider, said rights 
locker enrollment request comprising a digital content request and said 
enrollment authentication data; 
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receiving one or more authenticated rights locker access requests in response to said 
sending, said one or more authenticated rights locker access requests for 
subsequent use in accessing digital content associated with said rights locker; 

receiving an indication of a selection of one of said one or more authenticated rights 
locker access requests; 

sending said authenticated rights locker access request to a rights locker provider; 
and 

receiving a result in response to said sending said authenticated rights locker access 
request. 

22. The program storage device of claim 21 wherein said digital content request 
comprises a request for initializing said rights locker with rights to specified digital 
content. 

23. The program storage device of claim 21 wherein said enrollment authentication data 
comprises: 

rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 

has to digital content associated with said rights locker. 

24. The program storage device of claim 23 wherein said rights locker access 
authentication data comprises payment for use of a rights locker service. 
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25. The program storage device of claim 23 wherein said rights content access 
authentication data comprises payment for rights deposited in said rights locker. 

26. The program storage device of claim 21 wherein said enrollment authentication data 
comprises a reenrollment key determined in a previous enrollment request for said 
rights locker, said reenrollment key for supplementing or replacing enrollment 
authentication data of said previous enrollment request. 

27. The program storage device of claim 21, said method further comprising storing at 
least part of said one or more authenticated rights locker access requests in a 
bookmark on a user device. 

28. The program storage device of claim 21 wherein said one or more authenticated 
rights locker access requests are embedded in a Web cookie. 

29. The program storage device of claim 21 wherein said one or more authenticated 
rights locker access requests are encapsulated in an HTTP Response message. 

30. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method for digital content 
access control, the method comprising: 
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receiving a rights locker enrollment request from a user device associated with a 
user, said rights locker enrollment request comprising a digital content request 
and enrollment authentication data; 
determining whether said user is authorized, said determining comprising 

determining the rights of said user to access said rights locker and the rights of 
said user to digital content specified by said digital content request; 
if said user is authorized, 

initializing said rights locker with rights to said digital content; 

obtaining one or more tokens that authenticate future access to a rights locker 

corresponding to said digital content; 
creating one or more authenticated rights locker access requests based at least in 

part on said one or more tokens; 
sending said one or more authenticated rights locker access requests; 
receiving an indication of a user selection of one of said one or more 

authenticated rights locker access requests; and 
accessing the contents of said rights locker according to a type of said rights 
token. 

31. The program storage device of claim 30 wherein said digital content request 

comprises a request for initializing said rights locker with rights to specified digital 
content. 
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32. The program storage device of claim 30 wherein said enrollment authentication data 
comprises: 

rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 

has to digital content associated with said rights locker. 

33. The program storage device of claim 32 wherein said rights locker access 
authentication data comprises payment for use of a rights locker service. 

34. The program storage device of claim 32 wherein said rights content access 
authentication data comprises payment for rights deposited in said rights locker. 

35. The program storage device of claim 30 wherein said enrollment authentication data 
comprises a reenrollment key determined in a previous enrollment request for said 
rights locker, said reenrollment key for supplementing or replacing enrollment 
authentication data of said previous enrollment request. 

36. The program storage device of claim 30 wherein said determining comprises 
determining whether said user is entitled to become an enrolled user based at least in 
part on whether payment for use of the rights locker service succeeds. 
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37. The program storage device of claim 30 wherein said determining comprises 
determining whether an enrolled user is entitled to populate said rights locker with 
rights to said digital content based at least in part on whether payment for said rights 
succeeds. 

38. The program storage device of claim 30 wherein at least part of said one or more 
authenticated rights locker access requests are for storage in a bookmark on a user 
device. 

39. The program storage device of claim 30, said method further comprising embedding 
said one or more authenticated rights locker access requests in a Web cookie before 
said sending. 

40. The program storage device of claim 30, said method further comprising 
encapsulating said one or more authenticated rights locker access requests in an 
HTTP Response message before said sending. 

41. An apparatus for digital content access control, comprising: 

means for determining digital content to be made accessible via a rights locker; 
means for determining enrollment authentication data; 

means for sending a rights locker enrollment request to a rights locker provider, said 
rights locker enrollment request comprising a digital content request and said 
enrollment authentication data; 
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means for receiving one or more authenticated rights locker access requests in 
response to said sending, said one or more authenticated rights locker access 
requests for subsequent use in accessing digital content associated with said 
rights locker; 

means for receiving an indication of a selection of one of said one or more 

authenticated rights locker access requests; 
means for sending said authenticated rights locker access request to a rights locker 

provider; and 

means for receiving a result in response to said sending said authenticated rights 
locker access request. 

42. The apparatus of claim 41 wherein said digital content request comprises a request 
for initializing said rights locker with rights to specified digital content. 

43. The apparatus of claim 41 wherein said enrollment authentication data comprises: 
rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 
has to digital content associated with said rights locker. 

44. The apparatus of claim 43 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 
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45. The apparatus of claim 43 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

46. The apparatus of claim 41 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

47. The apparatus of claim 41, further comprising means for storing at least part of said 
one or more authenticated rights locker access requests in a bookmark on a user 
device. 

48. The apparatus of claim 41 wherein said one or more authenticated rights locker 
access requests are embedded in a Web cookie. 

49. The apparatus of claim 41 wherein said one or more authenticated rights locker 
access requests are encapsulated in an HTTP Response message. 

50. An apparatus for digital content access control, comprising: 

means for receiving a rights locker enrollment request from a user device associated 
with a user, said rights locker enrollment request comprising a digital content 
request and enrollment authentication data; 
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means for determining whether said user is authorized, said determining comprising 
determining the rights of said user to access said rights locker and the rights of 
said user to digital content specified by said digital content request; 
means for if said user is authorized, 

initializing said rights locker with rights to said digital content; 

obtaining one or more tokens that authenticate future access to a rights locker 

corresponding to said digital content; 
creating one or more authenticated rights locker access requests based at least in 

part on said one or more tokens; 
sending said one or more authenticated rights locker access requests; 
receiving an indication of a user selection of one of said one or more 

authenticated rights locker access requests; and 
accessing the contents of said rights locker according to a type of said rights 

token. 

51. The apparatus of claim 50 wherein said digital content request comprises a request 
for initializing said rights locker with rights to specified digital content. 

52. The apparatus of claim 50 wherein said enrollment authentication data comprises: 
rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 
has to digital content associated with said rights locker. 
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53. The apparatus of claim 52 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 

54. The apparatus of claim 52 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

55. The apparatus of claim 50 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

56. The apparatus of claim 50 wherein said determining comprises determining whether 
said user is entitled to become an enrolled user based at least in part on whether 
payment for use of the rights locker service succeeds. 

57. The apparatus of claim 50 wherein said determining comprises means for 
determining whether an enrolled user is entitled to populate said rights locker with 
rights to said digital content based at least in part on whether payment for said rights 
succeeds. 

58. The apparatus of claim 50 wherein at least part of said one or more authenticated 
rights locker access requests are for storage in a bookmark on a user device. 



133 



EV 263 600 987 US 



Docket No. SUN-040204 



59. The apparatus of claim 50, further comprising means for embedding said one or 
more authenticated rights locker access requests in a Web cookie before said 
sending. 

60. The apparatus of claim 50, further comprising means for encapsulating said one or 
more authenticated rights locker access requests in an HTTP Response message 
before said sending. 

61. An apparatus for digital content access control, comprising: 
a memory for storing said digital content; and 

a processor configured to: 

determine digital content to be made accessible via a rights locker; 
determine enrollment authentication data; 

send a rights locker enrollment request to a rights locker provider, said rights 
locker enrollment request comprising a digital content request and said 
enrollment authentication data; 

receive one or more authenticated rights locker access requests in response to said 
sending, said one or more authenticated rights locker access requests for 
subsequent use in accessing digital content associated with said rights locker; 

receive an indication of a selection of one of said one or more authenticated rights 
locker access requests; 
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send said authenticated rights locker access request to a rights locker provider; 
and 

receive a result in response to said sending said authenticated rights locker access 
request. 

62. The apparatus of claim 61 wherein said digital content request comprises a request 
for initializing said rights locker with rights to specified digital content. 

63. The apparatus of claim 61 wherein said enrollment authentication data comprises: 
rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 
has to digital content associated with said rights locker. 

64. The apparatus of claim 63 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 

65. The apparatus of claim 63 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

66. The apparatus of claim 61 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
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said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 



67. The apparatus of claim 61 wherein said apparatus comprises a smart card. 

68. The apparatus of claim 67 wherein said smart card comprises a Java Card™ 
technology-enabled smart card. 

69. The apparatus of claim 67 wherein said smart card comprises a CDMA (Code 
Division Multiple Access) technology-enabled smart card. 

70. The apparatus of claim 67 wherein said smart card comprises a SIM (Subscriber 
Identity Module) card. 

71. The apparatus of claim 67 wherein said smart card comprises a WIM (Wireless 
Interface Module). 

72. The apparatus of claim 67 wherein said smart card comprises a USIM (Universal 
Subscriber Identity Module). 

73. The apparatus of claim 67 wherein said smart card comprises a UTM (User Identity 
Module). 
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74. The apparatus of claim 67 wherein said smart card comprises a R-UIM (Removable 
User Identity Module). 



75. The apparatus of claim 61 wherein said processor is further configured to store at 
least part of said one or more authenticated rights locker access requests in a 
bookmark on a user device. 

76. The apparatus of claim 61 wherein said one or more authenticated rights locker 
access requests are embedded in a Web cookie. 

77. The apparatus of claim 61 wherein said one or more authenticated rights locker 
access requests are encapsulated in an HTTP Response message. 

78. An apparatus for digital content access control, comprising: 

a memory for storing one or more rights lockers that describe digital content access 

rights; and 
a processor configured to: 

receive a rights locker enrollment request from a user device associated with a 
user, said rights locker enrollment request comprising a digital content 
request and enrollment authentication data; 
determine whether said user is authorized, said determining comprising 

determining the rights of said user to access said rights locker and the rights 
of said user to digital content specified by said digital content request; 
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if said user is authorized, 

initialize said rights locker with rights to said digital content; 

obtain one or more tokens that authenticate future access to a rights locker 

corresponding to said digital content; 
create one or more authenticated rights locker access requests based at least 

in part on said one or more tokens; 
send said one or more authenticated rights locker access requests; 
receive an indication of a user selection of one of said one or more 

authenticated rights locker access requests; and 
access the contents of said rights locker according to a type of said rights 

token. 

79. The apparatus of claim 78 wherein said digital content request comprises a request 
for initializing said rights locker with rights to specified digital content. 

80. The apparatus of claim 78 wherein said enrollment authentication data comprises: 
rights locker access authentication data for determining what rights, if any, said user 

has to access said rights locker; and 
rights content access authentication data for determining what rights, if any, said user 
has to digital content associated with said rights locker. 

81. The apparatus of claim 80 wherein said rights locker access authentication data 
comprises payment for use of a rights locker service. 
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82. The apparatus of claim 80 wherein said rights content access authentication data 
comprises payment for rights deposited in said rights locker. 

83. The apparatus of claim 78 wherein said enrollment authentication data comprises a 
reenrollment key determined in a previous enrollment request for said rights locker, 
said reenrollment key for supplementing or replacing enrollment authentication data 
of said previous enrollment request. 

84. The apparatus of claim 78 wherein said processor is further configured to determine 
whether said user is entitled to become an enrolled user based at least in part on 
whether payment for use of the rights locker service succeeds. 

85. The apparatus of claim 78 wherein said processor is further configured to determine 
whether an enrolled user is entitled to populate said rights locker with rights to said 
digital content based at least in part on whether payment for said rights succeeds. 

86. The apparatus of claim 78 wherein at least part of said one or more authenticated 
rights locker access requests are for storage in a bookmark on a user device. 

87. The apparatus of claim 78 wherein said processor is further configured to embed said 
one or more authenticated rights locker access requests in a Web cookie before said 
sending. 
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88. The apparatus of claim 78 wherein said processor is further configured to 

encapsulate said one or more authenticated rights locker access requests in an HTTP 
Response message before said sending. 
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